The issues with mobile security - Yubico comments
May 2021 by Nic Sarginson, Principal Solutions Engineer at Yubico
In case they are useful for any stories you might be writing about Boris Johnson’s mobile number risks, below are comments from Nic Sarginson, Principal Solutions Engineer at Yubico, discussing the broader safety concerns relating to mobile security. Yubico helps companies like Google to secure 85,000+ of its employees against online fraud.
“As Prime Minister, Boris Johnson is a key target for bad actors wanting to gain insight into UK Government activities. His mobile number being so easy to find online has obvious security implications but even after he changes his phone number, he will still be at risk. Mobile devices are easy to hack. Authentication via SMS One Time Passwords (OTPs) can be easily intercepted and leave users vulnerable to SIM Swapping, where an adversary is able to gain access to all of the security codes (and other private details) in the user’s phone.
“This story has brought to light the vulnerability of our mobiles, especially as it relates to authentication. But the risk of a cyberattack is not limited to the Prime Minister. All who only use SMS authentication are at potential risk. But there are things we can do to protect ourselves. The main step is to implement strong two-factor authentication (2FA), beyond basic methods such as SMS OTPs. Biometrics and hardware keys are the strongest methods. Google even uses security keys to protect over 85,000 of its employees, leading to zero confirmed account takeovers.”